Hack Notice – Privacy Policy

Last Updated: October 18, 2021

Hack Notice, Inc., a Delaware corporation (“we”, “us”, or “our”) provides this Privacy Policy (this “Policy”) to inform you about our collection, use, disclosure, and storage of data about you that we collect via this website and our related services and offerings (collectively, the “Services”). Please review this Policy carefully. By registering an account for the Services, or otherwise using the Services, you agree to the terms and conditions of this Policy. We may update this Policy from time to time in our discretion, for example to keep up with changing laws regarding data processing. We will always keep the current version of this Policy posted on our website. By using the Services after a new version of this Policy has been posted, you agree to the terms and conditions of such version of this Policy.

DATA WE COLLECT

“Personal Data” means information that can be used to identify you, and may include (for example) your name, email address, and other contact information. We collect Personal Data that you voluntarily provide us, for example when you register a user account, sign up for mailing lists or newsletters, submit or upload a Watchlist (as defined below), or otherwise reach out to us. Your submission of Personal Data is voluntary, but we may be unable to provide you requested information or services if you choose not to provide necessary Personal Data.

“Other Information” means information that does not identify you personally, and may include technical details regarding the device you use to access the Services, IP address, operating system, browser, referral URLs, page views, location data (if location services are enabled), clicks, etc. Our systems automatically collect this kind of Other Information when you interact with the Services. Other Information also includes information that may originally have been Personal Data but has been aggregated or anonymized such that it cannot be used to identify any individual.

WATCHLIST DATA

The Services may allow you to submit lists of data points (e.g., email addresses, passwords, etc.) for us to use in providing our security monitoring and hack notification services (“Watchlists”). By submitting a Watchlist or any item contained therein, you (i) represent and warrant that you have all necessary right, title, authority, and consent to provide such information to us and are (and will remain) in compliance with all applicable privacy and other laws regarding such data, and (ii) will indemnify us from and against any claims relating to our processing of such information in performance of the Services or as described herein.

COOKIES AND SIMILAR TECHNOLOGY; RETARGETING

We and our service providers use “cookies” to obtain certain types of data when your web browser accesses our website. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser to enable our system to recognize you and your personalized settings, to better understand how you interact with the Services, to monitor aggregate usage, and to optimize web traffic routing on our website. Most browsers have settings to disable or limit cookies, but please note that certain areas or features of the Services may not be available or fully functional if you choose to disable cookies for our websites. We may also use pixel tags, web beacons, or similar technologies to understand how our users interact with our sites and emails. Our website does not respond to “do not track” signals.

We may use third-party analytics services such as Google Analytics, which help us understand how users are finding and using our Platform. Google Analytics collects information such as how often users visit the Platform, what pages they visit when they do so, and what other sites they used prior to coming to the Platform. We use the information we get from Google Analytics to improve the Platform and our offerings and to provide more relevant advertising. To learn more about Google Analytics’ privacy practices, you can visit https://support.google.com/analytics/answer/6004245?hl=en. To opt out of Google Analytics’ metrics, you can follow the instructions at https://tools.google.com/dlpage/gaoptout.

We may use third-party retargeting services such as those offered by LinkedIn, which helps us focus our marketing efforts on potential users who have interacted with our pages or ads on LinkedIn. You can opt out of LinkedIn’s retargeting services at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We do not control third parties’ collection or use of your information to serve interest-based advertising. You may be able to opt out of receiving personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info and http://www.networkadvertising.org/choices/. You may also use TRUSTe’s Preference Manager at http://preferences-mgr.truste.com.

USE OF YOUR DATA

We use your Personal Data:

• for the purposes for which you provided it to us (e.g., to create or update your user account, register you for newsletters, or process a transaction, or provide security monitoring or other requested services, as applicable);

• to respond to your inquiries and communications to us;

• to improve, maintain, and operate the Services;

• to inform you about opportunities, events, or services in which you may be interested, including those offered by our affiliates;

• to investigate and prevent possible fraud;

• to exercise or defend our rights and comply with statutory and regulatory requirements, including responding to lawful requests for information by governmental authorities; and

• for other reasons with your prior consent.

You can opt out of receiving promotional or marketing emails from us at any time by clicking the unsubscribe, opt-out, or similar link at the bottom of any such emails. Please note we may still contact you in connection with your account or any transactions involving you (e.g., password resets, security/hack notifications, etc.).

We may use Other Information (which does not identify you personally) for any manner we deem appropriate, including without limitation to improve, maintain, and operate the Services.

DISCLOSURE OF YOUR DATA

We will not sell your Personal Data to third parties. We may share your Personal Data with our affiliates and as needed to fulfill the purposes described in the “USE OF YOUR DATA” section above, including:

• with our service providers, such as email service providers, customer support providers, and payment processors, who are only permitted to use the data on our behalf;

• as necessary to exercise or defend our rights or comply with applicable law or orders from law enforcement and other governmental authorities; and

• to other third parties with your prior consent.

Additionally, in the event of a merger, consolidation, sale, or transfer of all or substantially all of our assets or business, one of the assets that would generally be transferred is the data we have collected, which would be transferred subject to the applicable version of this Policy.

We may disclose Other Information (which does not identify you personally) to any parties and for any purposes we deem appropriate.

LOCATION; DATA RETENTION, ACCESS, AND CORRECTION; SECURITY

We are based in the United States. By using the Services, you consent to your Personal Data being transferred to and stored in the United States. We may retain your data so long as we can reasonably foresee the data may be required in connection with our business relationship with you. In some cases, we will retain the data for a longer period as necessary to comply with our legal obligations, follow records retention policies, resolve disputes, and enforce our agreements.

You may access and update your Personal Data by visiting your account preferences through the Services, or by contacting us as set forth at the end of this Policy. You may generally delete your Personal Data through your account in the Services or by contacting us to request such deletion, though in some cases we may be entitled to retain certain information pursuant to our legal obligations, if it was provided by a third-party customer, or if otherwise permitted by law.

We have implemented reasonable physical, organizational, and technical procedures to secure the Personal Data we have in our possession. Unfortunately, no measures can be guaranteed to provide 100% security when dealing with internet connections, so we ask that you do not send us any sensitive personal information (and you assume the risk if you choose to do so).

YOUR CALIFORNIA PRIVACY RIGHTS

California law entitles California residents to certain additional protections regarding Personal Data. For purposes of this section alone, “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

We collect the following categories of Personal Information: identifiers, commercial information, Internet or other electronic network activity information, and geolocation data. We collect, use, and disclose Personal Information in the ways described above in our Privacy Policy. We do not sell Personal Information to third parties. California residents have the following rights to the extent granted by applicable law:

• information regarding your Personal Information we have collected in the past 12 months (including the categories of Personal Information we have collected, the categories of sources of such information, and the purposes for which we have collected such information);

• notice of whether we have disclosed your Personal Information to third parties in the past 12 months (and if so, what categories of information we have disclosed, and what categories of third parties we have disclosed it to);

• a copy of your Personal Information collected by us in the past 12 months; and

• that your Personal Information be deleted.

We will not discriminate against you if you choose to exercise any of these rights. To make any of the above requests, please contact us as set forth at the end of this Policy. We may require verification of your identity before further processing your request. In certain instances, we may be permitted by law to decline some or all of such request. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee to the extent permitted by law.

TRANSFERS FROM THE EU, UK, AND SWITZERLAND

Because our Services are hosted on US-based servers, any information you send to us will be transferred to the United States. If such information includes Personal Data you are transferring from the EU, UK, or Switzerland, then to the extent required by applicable privacy laws (such as the EU’s GDPR or the UK or Swiss counterparts to the GDPR) such transfer will be subject to the Standard Contractual Clauses promulgated by the European Commission for transfers of personal data to non-EU/EEA jurisdictions. In such event, you will be deemed the “data controller” and we will be the “data processor” for purposes of such clauses and compliance with applicable privacy laws.

YOUR EU, UK, AND SWISS PRIVACY RIGHTS

If you are a EU, UK, or Swiss resident, applicable data protection laws may provide you with certain rights with regards to our processing of your Personal Data. To the extent established under applicable law, EU, UK, or Swiss residents may have the right:

• to access, review, and update their Personal Data;

• to restrict our processing of their Personal Data;

• to request that we provide them a copy of, or access to, their Personal Data in structured, commonly used and machine-readable format (or that we transfer their Personal Data to another controller, when technically feasible);

• to withdraw their consent when our processing of their Personal Data is based on consent (and not another legitimate basis);

• to request that we delete their Personal Data (subject to certain limitations); and

• to lodge a complaint with the applicable supervisory authority in the EU. Before you do this, we ask that you please contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.

To make any of the above requests, please contact us as set forth at the end of this Policy. We may require verification of your identity before further processing your request. In certain instances, we may be permitted by law to decline some or all of such request. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee to the extent permitted by law.

Please note that if we received your Personal Data from one of our customers, that customer is the data controller for purposes of the GDPR and similar privacy laws and we may need to refer you to such customer for resolution of your inquiries or complaints.

CHILDREN

The Services are not directed toward children under 13. If a parent or guardian becomes aware that his or her child has provided us with personal information, the parent or guardian should contact us as set forth at the end of this Policy, and we will take reasonable steps to promptly remove such data from our systems (subject to any applicable, legally required or permitted, retention standards).

THIRD-PARTY SITES

The Services may include links to third party sites and services. If you visit or use such third-party sites and services, please be mindful that the relevant third party controls the cookies and other technologies it uses on its sites and how it collects, uses, and shares your personal information. This Policy only governs our own privacy practices; please review the applicable third-party privacy policy when visiting or using any third-party sites or services. We are not responsible for any content provided by third parties or for how they collect, use, share, or otherwise process any information you provide to them.

CONTACT

To make any requests described herein, or otherwise contact us regarding this Policy or our privacy practices, please contact us at support@hacknotice.com.